d3b7dc41f089bea5e255d58568d5802769737cb67164bfcb10a4e84a475a08ec

Analysis

max time kernel
43s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:20

Target

d3b7dc41f089bea5e255d58568d5802769737cb67164bfcb10a4e84a475a08ec.exe
Size

66KB
MD5

3141d2447e9bfa16088049082d85b7bc
SHA1

75a072dffd861bef17fabf68b2287cdd562fdc12
SHA256

d3b7dc41f089bea5e255d58568d5802769737cb67164bfcb10a4e84a475a08ec
SHA512

c6da4f10ad64b1e9272f1e8e890ddf330da341654df54cb3fa7c1d2a2dfc7269029d1ce98ea071b642d3e6a3b9c77acf71559cd3c219c1ebdfdfd68c646dd3de
SSDEEP

768:RC0GoD8G6AU/Ven1Nv98Mba4NbhrIR19qzLyxwZeKUpThAazjgMsvaiEfxSwjC06:3CqatReX16pthsvdE8w+gRxkoL1Qt+6P

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1536 572 WerFault.exe d3b7dc41f089bea5e255d58568d5802769737cb67164bfcb10a4e84a475a08ec.exe

pid	pid_target	process	target process
1536	572	WerFault.exe	d3b7dc41f089bea5e255d58568d5802769737cb67164bfcb10a4e84a475a08ec.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

d3b7dc41f089bea5e255d58568d5802769737cb67164bfcb10a4e84a475a08ec.exe

description	pid	process	target process
PID 572 wrote to memory of 1536	572	d3b7dc41f089bea5e255d58568d5802769737cb67164bfcb10a4e84a475a08ec.exe	WerFault.exe
PID 572 wrote to memory of 1536	572	d3b7dc41f089bea5e255d58568d5802769737cb67164bfcb10a4e84a475a08ec.exe	WerFault.exe
PID 572 wrote to memory of 1536	572	d3b7dc41f089bea5e255d58568d5802769737cb67164bfcb10a4e84a475a08ec.exe	WerFault.exe
PID 572 wrote to memory of 1536	572	d3b7dc41f089bea5e255d58568d5802769737cb67164bfcb10a4e84a475a08ec.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\d3b7dc41f089bea5e255d58568d5802769737cb67164bfcb10a4e84a475a08ec.exe
"C:\Users\Admin\AppData\Local\Temp\d3b7dc41f089bea5e255d58568d5802769737cb67164bfcb10a4e84a475a08ec.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 36
2⤵
- Program crash
PID:1536

memory/572-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1536-54-0x0000000000000000-mapping.dmp

Download